1. Purpose of the Privacy Notice

At Costero Brokers Limited (“CBL,” “we”, “us”, “our”) we are committed to protecting the privacy and security of your personal data where we need to collect and process personal data to broker insurance and provide our associated services as Data controller.

This Privacy Noice explains how, when, and where, CBL, as an intermediary, collect and process your personal data that you have provided to us, in accordance with the Data Protection Laws. It further explains the third parties with whom we may share your personal data, what your rights are in the event we hold your personal data, and how you can enforce these rights.

2. Who are we?

We are an independent Lloyd’s of London insurance broker regulated in the UK by the Financial Conduct Authority (FCA) under reference number 309528 (you can view a full list of our current trading names and Appointed Representatives at any time by visiting https://register.fca.org.uk and searching our name). We are also registered with the Information Commissioner’s Office (ICO) under registration ZA061716, and our designated Data Protection Officer (DPO) can be contacted using the contact details set out under Section 12.

3. Definitions

Just so you understand what is meant by some of the terms in this Privacy Notice.

“personal Data” is any information that can be used to identify a living person. It does not include data where the identity has been removed (anonymous data)
“sensitive personal data” is personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, health data, or sexual orientation.
“data controller” means an organisation that decides how and why they collect personal data.
“third party” is someone who isn’t you us or a company connected to CBL

4. Who does this Privacy Notice relate to?

This Privacy Notice relates to the following types of individuals, where we hold
your personal data:

– Individuals who are prospective, current or former clients, including their representatives, for example those with power of attorney.
– Other individuals named on policies, joint policy holders or beneficiaries.
– Employees of our corporate clients who we liaise with, or who are named on a policy.
– Individuals who we liaise with at insurers, managing general agents and other market participants.
– Members of a trade or professional association.
– Individuals who contact us with a query, concern, or complaint.
– Individuals whose personal data we may have obtained from publicly. available sources, for example in connection with us undertaking background checks on our potential clients. And
– Individuals who solicit us for a quote, or who we solicit for marketing purposes.

There are types of individuals who this Privacy Notice does not relate to, for example our employees and sub-contractors (including prospective and former employees and sub-contractors). If you are one of these individuals and would like further information, please contact us using the details set out under Section 12.

5. When and how we collect this personal data.

We may collect personal data from, or about, you at different times and through different channels depending on our relationship with you, for example if:

– You request a quotation from us, either directly or via an intermediary.
– You purchase, change or cancel a policy through us.
– You are covered under, or named on, a policy that has been taken out by your employer.
– We receive notification of a claim that is made against you, or that you bring against one of our policyholders.
– You are a client of a business that we acquire.
– You contact us in writing or speak to us on the phone.
– You give permission to other companies to share your information with us.
– You request marketing information.

6. What personal data do we collect?

Depending on your relationship with us, we may hold the following types of personal data about you:

– Identity and contact data: for example, your name, gender, date of birth, postal address, job title, telephone number and e-mail address.
– Policy and claims information: for example, your policy number, details of your cover, premiums due, relationship to the policyholder (if applicable) and previous claims history.
– Payment and account data: for example, your bank account details and credit/debit card details where you are the payer of a premium.
– Location data: for example, your residential, work or IP address, the location of an insured item or property, and in the event of a claim, where the incident occurred.
– Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations.
– Information we obtain from other sources: including credit agencies, antifraud and other financial crime prevention agencies.
– Complaint data: for example, what the complaint was, how we investigated it and how we resolved it, including any contact with third party adjudicator services.

7. The lawful ways we use personal data.

We collect and process personal data for the following lawful reasons:

– Relationship Management – for example, where you are an individual policyholder and we need to process your personal data in order to provide you with a quotation (should you request one), or to arrange your insurance, manage any claims which arise with your policy, answer any queries you may have, action your requests and manage your renewal(s).
– Compliance with legal obligations – for example the rules set by our regulator the Financial Conduct Authority (FCA), to fulfil your data rights under data privacy laws, handle complaints about our services, and to comply with other legal requirements such as preventing money laundering and other financial crimes.
– Legitimate business interests – for example, to arrange and administer a policy where your employer is our client, to respond to third party claimants, to maintain accurate records in our systems, to monitor and improve our products and services through the use of analytics, to demonstrate compliance with applicable regulations, to undertake some marketing activities, and to facilitate internal management reporting activities across our businesses. Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights. In some instances, you also have the right to object to us relying on this lawful reason (if applicable) to process your personal data. Further information on this right is provided under Section 12.
– Marketing – Both via our web site and direct to make suggestions and recommendations to you about our product and services.

8. The lawful ways we use sensitive personal data.

We only collect sensitive personal data from or about you where;

– This is necessary for us to advise, arrange or administer an insurance policy or claim arising from one.
– This is necessary for us establish, exercise or defend a legal claim.
– This is necessary for us to safeguard vulnerable individuals.
– We have obtained your explicit consent.
– You have manifestly made this type of data public.

9. Who we share personal data with.

Below are the categories of third parties that we may share your personal data with, but only where we have a legitimate reason to do so

– Insurers, intermediaries (including, but not limited to, other insurance brokers and managing general agencies), risk management assessors, loss adjusters, loss recovery agencies and third-party administrators who work with us to help manage and administer our policies.
– Credit reference, credit scoring and fraud prevention agencies.
– Debt collection agencies
– Law enforcement, government bodies, courts, tax authorities, auditors, banks, and our regulators.
– Service providers who help us manage our IT and back-office systems, or who provide platforms to us that we then use or make available to you.
– Marketing fulfilment, webinar and customer satisfaction service providers, acting on our behalf in facilitating online events, providing marketing communications and capturing feedback from our customers on our service levels.
– Any third party where disclosure is required to comply with legal or regulatory requirements.
– Other companies associated with CBL and consultants to CBL

10. International data transfers

We may sometimes need to transfer your personal data overseas to deliver our services or for other legitimate reasons (for example where legally required).

When such a transfer takes place and in the event the overseas country is not considered to provide an adequate level of protection under UK data protection law, then we shall ensure that a formal and enforceable set of standard contractual clauses is, or has been, entered into between us and the overseas recipient.

If you would like further information regarding our transfers, and the steps we take to safeguard your personal information, please see contact details in section 12.

11. Your Data Rights

Under the UK Data Protection Law, you have a number of rights in relation to the personal information that we hold about you which are described below;

– Access
– Rectification
– Restrict process
– To withdraw consent
– To erase
– To object to direct marketing
– To object to data portability

Should you submit a request or complaint to us and remain unhappy with our response, you may raise a complaint directly with the UK supervisory authority whose contact details can be found at www.ico.org.uk.

12. Our contact details

The primary point of contact for all issues arising from this Privacy Notice, including requests to exercise your rights or to contact our DPO, are as follows:

By e-mail: Jamie.webb@costerobrokers.com
By telephone: +44 (0) 2039989755
By post: Costero Brokers Ltd, The Northern & Shell Building,
10 Lower Thames Street, London EC3R 6EN